How-to Tutorials

Use OpenSSL to Create CSR, Private Key and Self-Signed Certificate

Create CSR and Private Key in One Command

The following is a single command you can use to create a Private Key and CSR (Certificate Signing Request). The words in bold should be replaced to match you the website you’re creating the certificate for.

openssl req -nodes -out linuxbucket.com.csr \
-newkey rsa:2048 -keyout linuxbucket.com.key \
-config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
req_extensions = req_ext
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
C=US
ST=New York
L=New York
O=Linux Bucket
OU=Web Security
emailAddress=admin@linuxbucket.com
CN = linuxbucket.com

[ req_ext ]
subjectAltName = @san_names

[ san_names ]
DNS.1 = www.linuxbucket.com
DNS.2 = test.linuxbucket.com
EOF
)

Self-Sign Your Certificate in One Command

Once again replace the bold text to match your website. This certificate will be valid for 1 year.

openssl x509 \
       -signkey linuxbucket.com.key \
       -in linuxbucket.com.csr \
       -req -days 365 -out linuxbucket.com.crt

At this point you could use the .key and .crt to secure your domain. Of course you wouldn’t want to use this on a public website as self-signed certificates are meant more for internal use. The reason is that with sefl-signed certificates your users will get certificate errors telling them that the certificate is not signed by a known authority like Verisign, etc.

Next Post

Previous Post

Leave a Reply

© 2020 linux bucket

All rights reserved